- target_path = admin_mode ? admin_session_path : user_session_path
- render_remember_me = admin_mode ? false : remember_me_enabled?
- user_params = params[:user].presence || params

= gitlab_ui_form_for(:user, url: target_path, method: :post, html: { class: "gl-show-field-errors js-2fa-form #{'hidden' if @user.two_factor_webauthn_enabled?}", aria: { live: 'assertive' }}) do |f|
  .form-group
    = f.label :otp_attempt, _('Enter verification code')
    -# Note: we use inputmode="numeric", because TOTP. However, recovery codes are alphanumeric.
    = f.text_field :otp_attempt, class: 'form-control gl-form-input', required: true, autofocus: true, autocomplete: 'off', inputmode: 'numeric', title: _('This field is required.'), data: { testid: 'two-fa-code-field' }
    %p.form-text.gl-text-subtle.hint
      = _("Enter the code from your two-factor authenticator app. If you've lost your device, you can enter one of your recovery codes.")

    - if render_remember_me
      = f.hidden_field :remember_me, value: user_params.fetch(:remember_me, 0)

  = render Pajamas::ButtonComponent.new(type: :submit, variant: :confirm, block: true, button_options: { data: { testid: 'verify-code-button' } }) do
    = _("Verify code")

- if render_email_otp_fallback_for_totp?(@user)
  - verification_data_hash = verification_data(@user)
  #js-2fa-email-verification-data{ data: { send_email_otp_path: users_fallback_to_email_otp_path, username: @user.username, email_verification_data: verification_data_hash.to_json } }

- if @user.two_factor_webauthn_enabled?
  #js-authentication-webauthn{ data: webauthn_authentication_data(user: @user, params: params, admin_mode: admin_mode) }
